IBM Systems Magazine, Mainframe - March/April 2018 - 41

TECH SHOWCASE
SPONSORED ADVERTISING CONTENT
"What this is really about is
protecting information of not just
ourselves, but also of our families
and loved ones. That's really the
big-picture story behind all of this."
-Cindy Compert
(Cont. from page 37)
data-subject rights management
and processor/controller governance solutions.
Phase 3: Transform
Phase 3 involves transforming
your practices by understanding
that the data you deem valuable
to your organization is equally
valuable to the people it represents. You also need to develop
a sustainable compliance program; implement security, privacy
and governance controls; and
potentially appoint a data protection officer. You need to transform
all business units to globally
ensure consistent adoption of
GDPR capabilities, including data
and risk classification, detailed
assessments and priority data
remediation, and operationalizing
GDPR capabilities.
Phase 4: Operate
Phase 4 is where you're ready
to operate your program. You
will need to continually inspect
your data, monitor personal data
access, test your security, use
privacy and security-by-design
principles and purge unneeded
data. GDPR should become a
standard operating practice for
interactions with clients and
their data. It can help protect
privacy and meet GDPR-related
obligations, such as the ability
for data subjects to manage their
consent preferences and submit
data-subject access requests.
Phase 5: Conform
Phase 5 is where you're ready to
conform with necessary GDPR
requirements, such as fulfilling
data subject requests for access,
Batch Gap-a
Major Risk Within the
System of Record
Staying compliant with increasing regulations, driven by
unfortunate events of malware
and highly-visible accidental, corruption or "oops" events is harder
than ever. We can't just ignore that
the mainframe is a crucial part of
the story. It's the system of record.
Mainframes store 70 percent of the
total data in the world.
An alarming gap exists surrounding
data and application usage-particularly batch. Batch has no log or
journal. No one understands the big
picture of data dependency mapping and which application/user is
accessing sensitive data, and no one
wants to own it.
This is not a storage, application or
IT problem alone. It is a business gap
and needs to be looked at holistically.
We can no longer rely on
manual processes and scripts to
stand against the risks that face
businesses and the penalties for
non-compliance.
Why not use analytics to automate
the process? Why not apply that
LQWHOOLJHQFHÃWRÃXQGHUVWDQGÃWKHÃÁRZÃ
of data from the ecosystem and
how it's used on the mainframe?
After an event is not the time to
consider implementing solutions.
A holistic approach is required,
and without it, batch may be your
weakest link.
More GDPR Resources
Learn how IBM Z addresses GDPR compliance with pervasive
encryption: bit.ly/2DlVqED
For more information about the IBM Z platform's new data
encryption capabilities and GDPR, see: ibm.com/gdpr and
ibm.biz/GDPRSecurity
Learn about the IBM Security GDPR Framework and take
a readiness assessment: ibm.co/2DkVu7M
View the GDPR Regulations: bit.ly/1XR52Pq
Rebecca Levesque
CEO, 21st Century Software
Rebecca has 20-plus years' experience working with clients on
resiliency and recovery strategies.
MARCH/APRIL 2018 // 41